The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates and recommended mitigations:

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14861 and CVE-2019-14870 and apply the necessary updates and workarounds.

VMware Releases Security Updates for ESXi and Horizon DaaS

VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.

ACSC Releases Fundamentals of Cross Domain Solutions

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks.

Microsoft Releases Security Advisory for Windows Hello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

This product is provided subject to this Notification and this Privacy & Use policy.